ISoldat53 writes "Gordon Frazer, managing director of Microsoft UK said that the Patriot Act allows government access to data in its cloud services even in Europe. Though he said that 'customers would be informed wherever possible,' he could not provide a guarantee that they would be informed if a gagging order, injunction or U.S. National Security Letter permits it."

No, the US Patriot Act is making political geographical borders a useless invention. That you are across the ocean, with your own history, culture, laws, government, and values is of no consequence to us anymore.

If the US has a base, is friendly with a nation or your telco loops data via friend of the US or a country with a US base....
Your data is now US data and has been for many years. The problem with the Patriot Act is you're not just being watched anymore.
Think hard before you share too much data with anything US on a network.

Patriot Act has nothing to do with it. Long ago foreigners were denied all rights by the US government, in fact in US police agencies are entitled to break all other countries' laws and US law, even when those actions would be illegal in the US.

Making it public that M$ would hand over private information from other countries once in its cloud at any request of any US government agency, has pretty much crippled the M$ cloud and prevented it from doing any work for any foreign government agency.

In fact that kind of declaration puts into doubt the trust of any M$ software, when updates and patches are delivered direct from the US and US government agencies can legally corrupt those patches in direct contravention to local foreign laws, leaving M$ under the gun for criminal conspiracy to corrupt computer networks and the executives would be subject to extradition or the whole extradition system when tied to the US would collapse.

To be fair... it's only because they can address the letter to Microsoft, which is in its own jurisdiction.

All this means is that a multinational can't move part of its assets to Europe and then have immunity to the US govt.

If MS wants immunity, it has to leave America.

And this is also the way it works in Europe, or Belgium at least: if police have a search warrant they can also search the local network and all connected servers that can be reached through normal operations even though they might be physically located outside of Belgian police jurisdiction.

But what would happen if the EU had a law that prohibits such access to cloud data? (This might already be the case, actually. The EU does have some privacy laws.) It sounds like no company with cloud services could have a base in both the EU and the US.

Also be sure to pick up your dystopian future gear beforehand. Hoodie trenchcoats, regular and fingerless gloves, a good set of goggles, some good bladed weapons and giant anime handguns (there's a .50cal enthusiast on here who could help, forgot his name), gas masks, some Mad Max/ZAV-style vehicles, plenty of computers, and some land in the country to build a bunker on (be sure to leave enough room for a moat or spike pit).

I think you are referring to the S&W 500 [wikipedia.org] which is a .50 hand cannon of a revolver. Also there is the draco pistol [google.com] which is a pistol form of the AK which still shoots the 7.62x39 rifle round or the AR-15 pistol [olyarms.com] which shoots the 5.56x45 (.223) rifle round.

I actually prefer his solutions to those issues.
There should be no "gay rights". You have individual rights, they should be the same for everybody.
Get the government OUT of marriage. Marriage licensing by the government originated as a way to keep whites and blacks from marrying. Let's eliminate state-sanctioned marriage and return it back to where it came from, churches or individual private ceremonies.
Well I'm pro-life, but even then his solution is to return it back to the state level. Let those

I'm pretty sure that no matter what, it means lots of moisture. That means you'd better hope they keep those servers under some sort of umbrella or something. You should water-proof your data too, just to be sure.

Er, presumably if there were such a National Security Letter, housing it yourself wouldn't give you much choice in the matter either; you would be forced to turn over the data regardless.

This article is basically an excuse to rail at the cloud and at the US government, but it really doesn't reveal any new information.

Actually, TFA has a snippet that is interesting:

Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).

While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidiary would cough up the information, as required by law, not the one where the data may have originated and is covered by privacy laws.

Carried to an extreme, MS is saying that cloud based computing renders privacy laws moot. It also means that presumably protected information could be accessed by any state that wishes to pass laws granting itself access (if a company has a subsidiary in that state).

While the US may be at the vanguard, the implications go far beyond there.

Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.

If that information resides in a Chinese server, EU privacy laws wouldn't apply either. If you put your information outside the jurisdiction of your laws, why do you expect those laws to trump other laws? The cloud is global and if you put your information in a UK cloud, and part of it, including the command and control is in the US or any other country, you better expect those local laws to apply too.

I don't know if it says what you think it says. The part that strikes me is where it's an opt in program.

In other words, it's not the intent of the law, it's the intent of following the laws. It's an opt in program and is not required to do business in the EU, but rather to say it follows the EU privacy guidelines.

What you linked to is little more than a stamp or credential much like the energy star green logo

Which is of course utter nonsense, if the information of European citizens is being demanded by US authorities, that violates the stringent privacy laws in the EU. It comes down to whether or not Microsoft wants to do business in the EU. Handwaving about the cloud means nothing.

I believe there is a broader issue here - even though everyone seems to focus on the US - once information on EU citizens leaves the EU it will become fair game for the authorities in whatever state it comes to rest. A non-EU company has no obligation to follow EU rules; especially when faced with laws in their own country that run counter to EU law. EU citizens may think that the EU privacy laws provide them with strong protections against their information being shared with non-EU entities but I think, in

Laws mostly control people. If you give a person (cloud provider) control over your data, you have just subjected your data to every set of laws that has a hold over that person. In today's example, MS has most of its assets in the U.S., so MS will do with your data what the U.S. says. Duh.

Precious few service providers will undertake to protect you when it means losing their own assets, personal freedom, or even just right-to-do-business. Show of hands, now: who really thought they would?

Try getting a company like Google or Microsoft, when they're trying to sell you hosted services, to say anything other than "we comply with lawful requests for information from governments". Note that they don't just mean your government. They mean the government of any country, and if it's a country they do business in, they have to weigh your business against access to an entire market. Which do you think they'll choose? They may try to dodge by only hosting the information in some geographical locations, but that doesn't help much.

"Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based)."

While the focus is on the US Patriot Act; that quote implies that cloud based data is essentially subject to any local law and that privacy laws don't protect someone if the law requires access outside of the jurisdiction covered by privacy laws. A local subsidi

Er, presumably if there were such a National Security Letter, housing it yourself wouldn't give you much choice in the matter either

Actually it would since my house is in Canada and I'd politely inform them that they'd need to talk to the Canadian government and, if they agree, have them make the request. Similarly in the EU US government demands are worthless. Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.

This is exactly as it should be. MS could end up in real legal trouble if the US government forces them to disclose data on their EU servers in contravention of EU privacy laws.

Canada and the EU (or at least the UK) have intelligence sharing treaties with the US so they can get access to the data but only if they ask and convince the local government first and it is in compliance with local law.

I wonder - how long does it take such a request to be processed and how often on average do they fail to convince the local government?

I don't know but why is the actual number of times they are failed to be convinced useful information? It should depend on how much evidence the US government has when it asks so, without knowing this, how can you tell whether the correct decision has been made? Having a 90% reject rate where 10% are let through on flimsy evidence because it was felt that you could not deny all US requests would be far worse than having a 0% rejection rate because the US government presented strong evidence each time.

Well...first off, that's what Afghanistan said to the U.S. after 9/11. That didn't work out so well for them. Second, turnabout's fair play, I guess [wikia.com]*

*Actually, I think both legal interpretations are egregious. IMHO, and I'm not a lawyer and certainly not a lawyer specializing in legal jurisdictions involving multiple countries, but if the data center isn't in the U.S., then Microsoft E.U. shouldn't be bound by U.S. laws. Likewise, Yahoo should not have been held liable for the Nazi merchandise viewed

You ALWAYS have the ability to encrypt anything you put in a cloud, or anywhere not on a system you physically control. It's just as stupid to put something crucial on a server that you own in a rack, than it is to put it on any "cloud"... you are just one FBI raid away from the child porn server in the rack above your box being taken and given a total scan.

The fed only shows up if they find something incriminating. I don't really care what you do if you're an actual criminal and you're just trying to get away with stuff. Quick-draw a finger-gun at them if you want.

If they don't find anything incriminating, then your rights are violated without you ever knowing. How will you give them the finger *then*...

It happens when things get cached in places you don't expect. When tools you think are safe are not. How are YOU to know where data is hosted, it's just all out there, maaaan.. (keep your enemies close!)

If private US corporations can be used by the USA to extend its intelligence gathering reach like this, does that mean their employees can be treated as government agents by non-US law enforcement agencies? Could a privacy breach turn into an espionage case because of this? It'd certainly make me think twice about accepting a job for a US based company.

It's worse than that. Government agents have done industrial espionage on behalf of private enterprise at times as shown in the Boeing vs Airbus case. Hosting companies could be asked to hand over data just because it may be useful to a well connected competitor.

Every country on the planet performs some form of intelligence gathering. It is not a US only issue although a disturbing amount of people think nobody does it besides the US. Even countries friendly with one another spy on each other. It is SOP in international relations. When someone gets caught they usually just swap compromised spies and go on their merry way.
Cloud or no cloud the NSA has the means to capture, filter, and process almost all of the Internet traffic. The architect of the system balked w

I am not condoning it but the government is just taking advantage of the resources available to improve their intelligence gathering. Why bother infiltrating a company to tap their com lines when you can just ask the company up front for access. Of course if the company happens to be the target of the investigation I imagine some sort of covert infiltration and tapping would come into play. Plus the companies are not supplying data streams to the government they are agreeing to provide access to the govern

No, the obvious solution is to store your own data on your own servers, and make damned sure there is no US company that has access to it which will be covered by this law.

Governments putting their information into the cloud are being stupid if they don't realize they've given up the sovereignty of their own data. It's fairly obvious that if you're not controlling physical access to it, you don't know who is.

"Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities. "

What doesn't fall under that? To be free of any potential US influence, EU users and companies should make sure the places they do business with have no ties to American companies? Sounds like ISPs, CDNs, web hosts, etc can be asked or forced to comply with government demands. It won't surprise me if there's

There were a lot of Germans that did that back in the late 1930's. That didn't stop Germany from trying to expand its police state anyways. It is easy to run, to be sure, but that won't actually solve the problem. If you don't want the U.S. to morph into some seven-headed monster of authoritarian imperialism, you have to dig in and make a stand somewhere.

There are basically two meanings of "The Cloud":
1) "You don't need to know where your data is"
2) Rapid automatic server provisioning

The thing that's wrong about 1) above is that "The Cloud" is sold as "don't worry about the man behind the curtain." Being ignorant about where your data is actually stored doesn't mean that it's safe -- quite the opposite -- it means that there are elevated risks involved. Because laws change with location, not knowing where your data is means not knowing what laws are applicable.

What stupidity. If China passed a law that said that they had to be given access to all of the data in all of the computers in the United States, I doubt very much if people would be jumping through hoops to accommodate them. Similarly, the U.S. can claim that it has access to data stored in computers in Europe, but no one should take them seriously.

You're missing the point. If Red China passed such a law, Mainland Chinese companies would have to accommodate it. Similarly, US companies have to comply with US law, even for their operations overseas.

Everyone should take them seriously. Has it not been demonstrated pretty well that the US can extradite anyone and anything they want in most places in the world? Has it not been demonstrated that they can lie to do this with impunity?
There are colossal imbalances in power and the US seems to have no problem whatsoever with exploiting that.
There is so much that the US does that is apparently illegal by local, international, and even US law and yet the US is apparently never, ever brought to account ov

Yes, it is indeed true for many, maybe most but not all governments. However not too many governments have as much power and influence, both black and white, as the US government does. The source of my bitch is that I consider the Declaration of Independence and the Constitution of the United States of America as two of the finest political documents ever produced and I have tremendous respect for the ideal expressed within them. However the ideals held within them are regularly, perhaps routinely, disre

I'm not sure why people insist on believing the US is the source of all Evil and every other government is Pure and Righteous, but I assure you that is not the case.

It's not that. Nobody thinks any other government is pure or righteous either. The US government just seems to have this perception of itself that it's "the good guys" and is surprised that the rest of the world doesn't share this opinion.

Except Microsoft does take them seriously.. So if the US government asked for data from your Azure cloud server, and that server happened to be located in an EU datacentre, then Microsoft would hand it over.

So regardless of what you think should happen, some homeland-patriot-nutcase-of-america will end up reading your stuff. Get used to it, or don't store your stuff with Microsoft (or any other US based company).

If the Patriot Act is perceived as a threat to 'cloud technology' (I hate the term) then perhaps these tech giants who have the power to ram their agendas down the throat of the government (Microsoft, Oracle, Apple, IBM, Google, etc.) will lobby against the Patriot Act. If the Patriot Act is bad for business then business may actually take the side of the people and try to use their money and influence to do away with it.

They don't. But they do care about losing customers. With all the major investments these companies have made with trying to migrate their users to the cloud, the last thing they could afford is for the public to distrust cloud technologies and revert back to the old ways of storing everything locally.

A company only gets things done because its employees do things on behalf of that company.
An employee should perform his duties to his employer as detailed in his contract of employment.

It would be really interesting to see such a contract for an EU based Microsoft employee (Wikileaks anyone?) — if it says that he must obey USA law then he has a personal problem if such USA law conflicts with laws in his EU country.

Just being employed by a USA based company does not give an EU based citizen immunity

The simplest observation to make is that clouds have fuzzy edges. If your company has any data that is subject to legal consequences when disclosed (and that tends to be the case in about 95% of the information I seem to come across) then the use of cloud services with its lack of definition where information logically and legally resides is absolutely out of the question - it's simply too risky.

Not only do you not have control over the vendor, you also have no control over what legislative environment you dea